All Products
Document Center

[Vulnerability notice] CVE-2016–3714: Remote code execution vulnerability in ImageMagick

Last Updated: Apr 02, 2018

CVE identifier


Vulnerability name

Remote code execution vulnerability in ImageMagick

Vulnerability rating


Vulnerability description

ImageMagick is popular image processing software. Recently, the software has been reported to have a remote code execution vulnerability, CVE-2016–3714.

This vulnerability allows attackers to run arbitrary code on the target server by uploading a maliciously crafted image file. It has been confirmed that certain well-known applications, such as WordPress, are affected by this vulnerability because ImageMagick is widely used.

Affected scope

ImageMagick <= 6.9.3-9

How to fix or mitigate

Note: Before you fix the vulnerability, create a server snapshot, which can be used for restoration if fixing the vulnerability fails.